Getting a little tech oriented
Many of us have now been exposed to some form of two-factor authentication to access some account. This usually involves your smartphone or a text. First, you use your normal username and password. Then the site you are trying to access will request the second factor--a code from an email or text message, or approving access through a third party application, such as Duo Mobile.
While two-factor is much more secure than just your username and password, there is still the weak link: the user.
It's great if a hacker breaks into the site and manages to steal usernames and passwords (which are usually stored in an encrypted format called a hash), because without the second factor it's almost impossible to access the account.
However, thanks to a phishing attack and a specialty tool, even a two-factor protected account is vulnerable.
This Tool Can Hack Your Accounts Even with Two-Factor Authentication https://www.extremetech.com/extreme/269121-this-tool-can-hack-your-accounts-even-with-two-factor-authentication
Basically the hacker tricks the user into logging on to a malicious site, where username and password are stolen AND the session cookie for the current login to the real site is stolen. The only real clue of the danger is the site the user is logging into. Usually the malicious site has a close name. The article used LinkedIn as an example, with the malicious site being llnked.com, which our minds can easily mistake for linkedin.com
Cybersecurity is becoming vitally important to everyone. Cybercrime is becoming increasingly complex and sophisticated. Financial institutions and other organizations are working and experimenting with a wide array of ways to authenticate and authorize users.
Biometrics is one area. But, many of these authentication methods can be fooled. And, legally law enforcement can use a person's biometrics, such as fingerprint, to access systems which have been encrypted using that biometric. But, law enforcement (at least in the US) cannot force someone to reveal a password, or something they know.
Where is this going?
For a long time there has been talk about "the chip" or some kind of implantable device that allows a user to authenticate and be authorized to access a system.
I believe this is coming. Cybersecurity is heading that direction. Identify protection is heading towards better security. The best authentication system will integrate various factors simultaneously: something you know (like a password), something you are (a biometric), and something you have (like a security fob or smartphone).
However, for better security and maintaining identity the "something you have" will need to be uniquely addressed/assigned to you and your biometrics, so it cannot be used by someone else. An implanted device, keyed to your biometrics, can act as a permanent something you have.
With the increasing number of data breaches, I think we are heading this direction in the next five years. I'm not saying all systems will require it, but it will become increasingly accepted. And, I believe, it will prove to better secure personal information and protect against identify theft. That is, until those systems which maintain the authentication system get hacked.
But, I think there will be a big push for this type of authentication, particularly by financial institutions. There may even be government incentives. Maybe even a system like the FDIC, but those institutions who adopt these personal ID systems would receive an insurance protection from the government. Increased fees may be imposed on those who do not accept the personal ID protection system. It would be (at least currently) illegal to force anyone to use this type of system, but that would not stop a multitude of incentives to use it, and penalties for those who don't. Without the PID it would become increasingly difficult for anyone to perform any transactions because it would be difficult to verify the person is who they are claiming to be.
Would a personal ID protection system, like the chip, actually be the mark of the beast? It certainly could be interpreted as such, but I think the real mark is when we have sold ourselves to Babylon and her evil, carnal, and wicked ways that we know are against the Lord's commandments and teachings.
I do not think this PID system will be forced on Americans...until after the US has fallen. It may get pushed heavily after multiple disasters strain and drain our resources, and the government needs a good way to track people, and keep them from taking more than their allotted share. Other countries may begin implementing it on a wide scale sooner, but there is enough push-back from Americans that it will be difficult to force without a societal crash. Most likely it will become widely used in America, but it will be the rest of the world who uses it most. And, if America has fallen by then it will be of little concern to the rest of the world whether the remaining Americans use it or not.
While two-factor is much more secure than just your username and password, there is still the weak link: the user.
It's great if a hacker breaks into the site and manages to steal usernames and passwords (which are usually stored in an encrypted format called a hash), because without the second factor it's almost impossible to access the account.
However, thanks to a phishing attack and a specialty tool, even a two-factor protected account is vulnerable.
This Tool Can Hack Your Accounts Even with Two-Factor Authentication https://www.extremetech.com/extreme/269121-this-tool-can-hack-your-accounts-even-with-two-factor-authentication
Basically the hacker tricks the user into logging on to a malicious site, where username and password are stolen AND the session cookie for the current login to the real site is stolen. The only real clue of the danger is the site the user is logging into. Usually the malicious site has a close name. The article used LinkedIn as an example, with the malicious site being llnked.com, which our minds can easily mistake for linkedin.com
Cybersecurity is becoming vitally important to everyone. Cybercrime is becoming increasingly complex and sophisticated. Financial institutions and other organizations are working and experimenting with a wide array of ways to authenticate and authorize users.
Biometrics is one area. But, many of these authentication methods can be fooled. And, legally law enforcement can use a person's biometrics, such as fingerprint, to access systems which have been encrypted using that biometric. But, law enforcement (at least in the US) cannot force someone to reveal a password, or something they know.
Where is this going?
For a long time there has been talk about "the chip" or some kind of implantable device that allows a user to authenticate and be authorized to access a system.
I believe this is coming. Cybersecurity is heading that direction. Identify protection is heading towards better security. The best authentication system will integrate various factors simultaneously: something you know (like a password), something you are (a biometric), and something you have (like a security fob or smartphone).
However, for better security and maintaining identity the "something you have" will need to be uniquely addressed/assigned to you and your biometrics, so it cannot be used by someone else. An implanted device, keyed to your biometrics, can act as a permanent something you have.
With the increasing number of data breaches, I think we are heading this direction in the next five years. I'm not saying all systems will require it, but it will become increasingly accepted. And, I believe, it will prove to better secure personal information and protect against identify theft. That is, until those systems which maintain the authentication system get hacked.
But, I think there will be a big push for this type of authentication, particularly by financial institutions. There may even be government incentives. Maybe even a system like the FDIC, but those institutions who adopt these personal ID systems would receive an insurance protection from the government. Increased fees may be imposed on those who do not accept the personal ID protection system. It would be (at least currently) illegal to force anyone to use this type of system, but that would not stop a multitude of incentives to use it, and penalties for those who don't. Without the PID it would become increasingly difficult for anyone to perform any transactions because it would be difficult to verify the person is who they are claiming to be.
Would a personal ID protection system, like the chip, actually be the mark of the beast? It certainly could be interpreted as such, but I think the real mark is when we have sold ourselves to Babylon and her evil, carnal, and wicked ways that we know are against the Lord's commandments and teachings.
I do not think this PID system will be forced on Americans...until after the US has fallen. It may get pushed heavily after multiple disasters strain and drain our resources, and the government needs a good way to track people, and keep them from taking more than their allotted share. Other countries may begin implementing it on a wide scale sooner, but there is enough push-back from Americans that it will be difficult to force without a societal crash. Most likely it will become widely used in America, but it will be the rest of the world who uses it most. And, if America has fallen by then it will be of little concern to the rest of the world whether the remaining Americans use it or not.
Comments
Post a Comment